6 Answers

Cisco's own SDM (Security Device Manager) performs some basic auditing. "Cisco SDM allows users to perform one-step security audits to evaluate the strengths and weaknesses of their router configurations against common security vulnerabilities." For a list of features included, see AutoSecure Features Implemented in Cisco SDM.

Another well-known tool is Cisco RAT, available from the Center for Internet Security.

These are good starting points, but far from perfect.

A more recent option (which I haven't tried yet) is the Nessus IOS plugin from Tenable.
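To illustrate the kind of one-step configuration audit these tools automate, here is a small checker (example code written for this answer, not part of Cisco SDM, RAT or Nessus) that parses a constructed IOS running-config and reports the classic weak settings: no `service password-encryption`, `enable password` instead of `enable secret`, cleartext HTTP management, default SNMP communities, and Telnet on vty lines. The sample config, hostname and the set of checks are assumptions, not taken from the question.

```python
import re

# Constructed sample running-config for demonstration; not from any real device.
SAMPLE_CONFIG = """\
version 15.2
hostname edge-rtr1
enable password cisco123
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Split IOS text into top-level lines and {block header: [indented children]}."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                      # skip blanks and comment separators
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
            top.append(current)
    return top, blocks

def audit_config(config):
    """Return a list of finding strings; an empty list means no weak setting matched."""
    top, blocks = parse_blocks(config)
    findings = []
    if "service password-encryption" not in top:
        findings.append("service password-encryption not set")
    has_pw = any(l.startswith("enable password") for l in top)
    has_secret = any(l.startswith("enable secret") for l in top)
    if has_pw and not has_secret:
        findings.append("enable password used instead of enable secret")
    if "ip http server" in top:
        findings.append("cleartext HTTP management enabled")
    for l in top:
        m = re.match(r"snmp-server community (\S+)", l)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append(f"default SNMP community '{m.group(1)}'")
    for header, children in blocks.items():
        if header.startswith("line vty"):
            for c in children:
                toks = c.split()
                if toks[:2] == ["transport", "input"] and ({"telnet", "all"} & set(toks[2:])):
                    findings.append(f"{header}: telnet allowed ({c})")
    return findings
```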

Nipper enables you to perform your own comprehensive security audits of your network devices. Nipper supports around 60 different network firewalls, switches and routers from a wide range of manufacturers such as Cisco, HP, Juniper, Check Point and Extreme Networks.

It reads in the running config file and allows you to perform various kinds of analysis, such as an ACL overlap report, or finding ACLs that match certain access patterns (for example, ACLs allowing access from one zone to another), etc.